What is RAM Scraping - Could Your Business Be a Target?

With the rash of point of sale (POS) data breaches over the past few years, everyone from major retailers down to small businesses has become more aware of the potential for malware attacks, and the need for better security. What you might not realise, though, is that these sorts of attacks are nothing new – RAM scraping, or memory scraping, has been in existence since at least 2008, and it’s not likely to go away any time soon. So, why is it so prevalent? Because it works.

What Is RAM Scraping?

With this type of malware, hackers first get access to your network, usually by running software that automatically tries possible user name and password combinations until one works. If you’re set up to use just a single user name and password, that makes you extremely vulnerable. Setting up a two-level system, where there is a master log-in and then another log-in for anyone who might be using the system, can reduce your risk considerably.

Once the hackers are inside your system and have access to your network, they place what is known as “memory parser” software on every single POS system you have. Alternatively, they can install the malware on your BOH (back of house) servers. Either way, the damage is done – they can extract every single bit of data from every credit or debit card that you process. They take it from the system’s random access memory (RAM), hence the term “RAM scraping.”

Could You Be a Target?

Anyone, anywhere, who uses a POS system in their business can be vulnerable to RAM scraping. Hackers are everywhere, they’re smart, and they’re very good at finding ways into systems that have the least bit of vulnerability. So, how are you going to protect yourself?

1. Strengthen Your Login Requirements

Most of the time, when your POS system is implemented, you secure it with default passwords that allow anyone you trust to get access to the system. But what if your passwords are weak? What if you have an irate employee who, after leaving your employ, is only too happy to give out your login information?

Keep in mind that almost any default password can be guessed by even a mediocre hacker. Passwords should be strong, and should be changed regularly. If you honestly think that “123456” or “password” are good passwords, then we have to tell you that you deserve to be hacked. Good passwords should consist of upper and lower case letters, numbers and special characters. Another good way of creating a secure password is to create a sentence that means something only to you. “My daughter likes to microwave her Bratz dolls,” for example, is much stronger than your daughter’s name.

A two-level login also goes a long way to strengthening your security. This means that you have a master user name and password, and then everyone that you trust to have access to your system also sets their own user name and password. Again, you have to worry about irate ex-employees, but if you change your master user name and password regularly, that shouldn’t be an issue.

2. Update Your Applications

You should also make sure that you update regularly, and make use of all available patches. When you are not up to date, hackers can find a way in much more easily. Treat updating as a vital component of your security protocol.

3. Firewalls are There for a Reason

You wouldn’t run your home computer without a firewall, so don’t do it with your POS system. Firewalls filter network traffic and help to screen out malware, so make sure you set them up, and if you are using a third-party provider, ask about their firewall protection.

4. Antivirus is There for a Reason, Too

Good antivirus software can be your best protection. This kind of software keeps malware from accessing your system. Keep in mind, though, that new viruses are created practically every day, and software has to be constantly updated to guard against new threats. So if your antivirus software alerts you to a new threat, resist the temptation to click on “remind me later.” Update immediately.

For that matter, don’t just stop with using an antivirus program. Think about a full endpoint protection suite that includes host-based intrusion prevention and traffic inspection. And even with all that, remember that you could still be vulnerable.

5. Restrict Access

Keep your POS isolated from the Internet, unless it has to access the Internet in order to work properly. At the very least, use a firewall to restrict traffic.
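
One way to check that the restriction described above is actually holding, as an added example that is not part of the original article: a Python script that audits outbound connection records from POS terminals against an allow-list and reports anything else. The log format, subnet, addresses and allow-list entries are constructed assumptions.

```python
import ipaddress

# All addresses below are constructed (private / RFC 5737 ranges), not from the article.
POS_NET = ipaddress.ip_network("10.20.1.0/24")       # assumed POS terminal subnet
ALLOWED = [                                          # assumed egress allow-list
    (ipaddress.ip_network("10.20.0.5/32"), 443),     # back-of-house server
    (ipaddress.ip_network("203.0.113.0/28"), 443),   # payment processor range
]

# Constructed records in an assumed format: "timestamp src dst dst_port proto"
SAMPLE_LOG = """\
2024-01-05T09:14:02 10.20.1.11 203.0.113.4 443 tcp
2024-01-05T09:14:09 10.20.1.11 10.20.0.5 443 tcp
2024-01-05T09:15:40 10.20.1.12 198.51.100.77 21 tcp
2024-01-05T09:15:41 10.20.1.12 198.51.100.77 21 tcp
malformed line here
2024-01-05T09:16:03 10.20.1.11 192.0.2.53 53 udp
"""

def is_allowed(dst, port):
    """True if (dst, port) matches an allow-list entry."""
    return any(dst in net and port == p for net, p in ALLOWED)

def audit(log_text):
    """Return (violations, unparsed); violations maps (src, dst, port, proto) to a count."""
    violations, unparsed = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            _, src, dst, port, proto = line.split()
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            unparsed.append(line)  # keep bad records visible instead of dropping them
            continue
        # Only POS terminals are in scope; anything they reach off the list is flagged.
        if src_ip in POS_NET and not is_allowed(dst_ip, port):
            key = (src, dst, port, proto)
            violations[key] = violations.get(key, 0) + 1
    return violations, unparsed

if __name__ == "__main__":
    found, bad = audit(SAMPLE_LOG)
    for (src, dst, port, proto), n in sorted(found.items()):
        print(f"ALERT {src} -> {dst}:{port}/{proto} seen {n}x (not on allow-list)")
    print(f"{len(bad)} unparsed record(s)")
```

Any destination a terminal genuinely needs, such as a DNS resolver, has to be added to the allow-list explicitly; otherwise it is reported like the port 53 record in the sample.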


Never assume that you are not vulnerable to RAM scraping. Everyone is. But with simple measures like improving your password security, restricting access, and using firewalls and antivirus, you can lower your risk.